SUMMARY: firewall experiences?

From: Ameet Chaubal (
Date: Wed Nov 03 1999 - 06:32:31 CST

Thanks all

lot of people said that the performance on Firewall-1 is excellent.
Some configs of sun machines running firewall-1:
ultra5, 300MHz. 128MB ram
ultra10, 300MHz, 500mb ram
ultra2, dual 300MHz, 256 mb ram.-- easily handled dual load balanced T-3

IT is suggested that one put ACLs on the routers to reduce some load off of
the firewalls.

Another option suggested was Sunscreen EFS
    adv: NAT is simple. command line as well as JAVA based interface.
            Does not require license key if you don't need HA.



> Hi all
> We are considering buying a firewall for our company.
> We need to have connectivity over Sql*Net/Net8 from the
> web server in the DMZ th'r the firewall to our Oracle database behind the
> firewall.
> I am considering cisco PIX, firewall-1 (stateful inspection) and
> Raptor (application proxy).
> I wan to do NAT. One thing I have come across in the reviews is that
> performance degrades when doing NAT on software firewalls.
> As usual, the management wants fort knox security and speed of light!
> Does anybody have any experience in running any one of these on Sun
> hardware.
> Our site could get a lot of hits and also apart from that we need to fetch
> data on a constant basis from some external sites.
> What kind of configuration have you tried for max performance?
> What about scalability, load sharing etc.

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:31 CDT